Kaspersky has detected a wave of phishing attacks targeting former clients of the bankrupt crypto lending platform BlockFi. These scams exploit the ongoing distribution of customer assets following BlockFi’s 2022 bankruptcy, tricking victims into revealing their cryptocurrency wallet seed phrases, which could result in financial losses.
Background on BlockFi
BlockFi was previously known for offering high-yield interest accounts and crypto-backed loans. The company filed for bankruptcy in November 2022 and began disbursing repayments to affected clients in 2024 as part of a restructuring plan.
How the Attacks Work
Fraudulent emails mimicking BlockFi’s branding invite recipients to “claim the payment” they supposedly deserve. Clicking the link directs users to a phishing page where they are prompted to connect their wallet and input their secret seed phrase. Once provided, attackers gain direct access to the victim’s cryptocurrency funds.
Roman Dedenok, anti-spam expert at Kaspersky, commented:
“Phishing attacks like this are widespread, capitalizing on real-world events to build trust and urgency. Victims who fall for these scams risk exposing their crypto wallets to theft. It’s critical for individuals to verify any communications directly through official channels and to check the sender’s email address for legitimacy.”
Why These Scams Are Hard to Spot
The phishing emails use convincing logos, color schemes, and persuasive language, making them difficult to identify at first glance.
Kaspersky’s Recommendations to Stay Safe
To avoid falling victim to these or similar scams, Kaspersky advises:
-
Do not click on links or respond to unsolicited emails.
-
Protect sensitive information: Never share banking credentials, wallet seed phrases, or other private keys via email or online forms.
-
Use security tools: Enable two-factor authentication (2FA) on all financial accounts, use reputable security software like Kaspersky Premium, and consider a password manager to safeguard credentials.
These measures are critical for protecting cryptocurrency assets, particularly in scenarios involving bankrupt platforms or restructuring events that attract cybercriminal activity.
